ikePrfPfsIdentity
FEC-IPSEC-MIB · .0.14.1.11
Object
column
r/w
Enumeration
This object specifies whether IKE SAs should be deleted immediately after a phase 2 (IPSec) SA pair has been negotiated.
The consequence of enabling this feature is that every phase 2 negotiation must be preceded by a new phase 1 negotiation. Individual phase 2 SAs therefore cannot be associated with one another: if an eavesdropper knows the identity of the remote peer for one SA, they cannot conclude that the next SA is negotiated with the same remote peer.
Note: Setting this flag only makes sense if it is configured together with id-protect mode or RSA encryption for authentication, and if the IP address of the remote peer does not allow conclusions about its identity (i.e. dynamic remote peer addresses).
Possible values:
true(1), -- delete phase 1 SAs
false(2), -- reuse phase 1 SAs
default(3) -- use value from default profile
-- (false if this is the default profile).
Context
- MIB: FEC-IPSEC-MIB
- OID: .0.14.1.11
- Type: column
- Access: readwrite
- Status: current
- Parent: ikeProfileEntry
Syntax
Enumeration
Values & Constraints
Enumerated Values
1 | true |
2 | false |
3 | default |